On Tue, Dec 15, 2015 at 2:00 PM, Vincent Torri <vincent.to...@gmail.com> wrote: > On Tue, Dec 15, 2015 at 12:05 PM, Jacek Caban <ja...@codeweavers.com> wrote: >> Hi Vincent, >> >> On 12/15/15 7:20 AM, Vincent Torri wrote: >>> Hello >>> >>> I am still working on Examine, my small valgrind-like memory leak >>> detector (http://vtorri.github.io/examine/) and I have 2 questions. >>> >>> First, I recall that it works by doing DLL injection with >>> CreateRemoteThread, and API hooking by patching the IAT. >>> >>> So Examine is working well, now, but I have 2 questions, about >>> _strdup() and malloc() : >>> >>> 1) If I call malloc() in a program, it is detected by Examine. If I >>> call _strdup(), malloc is not detected at all, while MSDN says that >>> _strdup() "calls malloc to allocate storage space" (see >>> https://msdn.microsoft.com/en-us/library/y471khhc.aspx). Does someone >>> have an idea why malloc() is not catched ? >> >> Both malloc and _strdup live in the same DLL (like msvcrt.dll or any >> other msvcr*.dll version), so calls from _strdup to malloc don't use >> import table, it's a direct call. You could have more luck by hot >> patching malloc function itself, but I don't think it's the right solution. >> >> You may have more luck patching HeapAlloc (or even RtlAllocateHeap) >> instead. At least in Wine, malloc ends up calling it. > > I've already patched HeapAlloc(), but malloc is already patched. I'll > try to remove malloc() hook.
No luck. I have removed all the hooks except HeapAlloc. If I test Examine with a program with only 1 malloc(), malloc is not detected. Vincent Torri ------------------------------------------------------------------------------ _______________________________________________ Mingw-w64-public mailing list Mingw-w64-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mingw-w64-public
